Malware in Popular Networks
Dmitry O. Gryaznov
The Big Change
Then:
► Mostly viruses, few trojans
► Obvious destructive or annoying payload
► Mischief and vandalism
► Nothing gained but “glory”
Now:
► Mostly non-replicating malware
► Trying to stay inconspicuous
► Theft and control
► Monetary gains
Malware “Highways”
► Usenet
► Internet Relay Chat (IRC)
► Peer-to-peer (P2P)
► Instant Messaging (IM)
Usenet
► Since early 1980s
► Over 100,000 newsgroups
► Millions of users
► Over 2 Terabytes daily
► Mostly binaries – video, audio, software
Top Ten Malware Detections in Usenet in 2005
Detection name – Count
BackDoor-AZV 46963
W32/Spybot.worm.gen.b 4876
BackDoor-CQZ 1381
W32/Swen@MM 283
W32/Torvil@MM 192
MultiDropper-DC 183
W32/Kelvir.worm.gen 75
W32/Netsky.p@MM 75
BackDoor-ACH 72
BackDoor-Sub7.svr 44
Internet Relay Chat (IRC)
► Since early 1990s
► Dozens of networks (EFNet, DALnet, Undernet, etc.)
► Millions of users
► Direct file spamming (unsolicited DCC SEND offers pushed to users)
► URL spamming (links to malware pushed in channel and private messages)
► Used as a control channel by numerous malware families; bots carry their own IRC client code, so this works even when the user never installed any IRC software
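The two IRC spamming mechanisms listed above have a recognisable shape on the wire: a DCC SEND offer is a CTCP message (text wrapped in 0x01 bytes) carrying the file name, the sender's IP as a 32-bit decimal integer and a TCP port, while URL spam is just a link in a PRIVMSG. The following added example, which is not part of the original presentation, scans raw IRC lines for both and flags offers or links whose final extension is one Windows would execute (catching decoy double extensions such as pics.jpg.exe). The sample lines, nicks, hosts and addresses are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Final extensions Windows executes on double-click. Malware pushed over IRC
# in this period almost always arrived as one of these, often behind a decoy
# extension such as "pics.jpg.exe".
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta"}

# ":nick!user@host PRIVMSG target :text"
PRIVMSG_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)!(?P<user>[^@\s]+)@(?P<host>\S+) PRIVMSG (?P<target>\S+) :(?P<text>.*)$"
)
# CTCP DCC SEND <filename> <ip as 32-bit decimal> <port> [<size>], wrapped in 0x01
DCC_SEND_RE = re.compile(
    r"^\x01DCC SEND (?P<name>\S+) (?P<ip>\d+) (?P<port>\d+)(?: (?P<size>\d+))?\x01$"
)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample traffic (hypothetical nicks, hosts and addresses).
SAMPLE_LINES = [
    ":alice!~alice@example.org PRIVMSG #chat :hey, anyone around?",
    ":spambot!~x@198.51.100.7 PRIVMSG bob :\x01DCC SEND hot_pics.jpg.exe 3325256711 5000 45056\x01",
    ":spambot!~x@198.51.100.7 PRIVMSG #chat :free stuff!! http://example.net/setup.scr",
    ":carol!~c@example.org PRIVMSG bob :\x01DCC SEND notes.txt 3325256711 5001 1234\x01",
    ":dave!~d@example.org PRIVMSG #chat :check the docs at https://example.org/manual.html",
]


@dataclass
class DccOffer:
    filename: str
    ip: str          # dotted-quad form of the decimal integer in the offer
    port: int
    size: Optional[int]


@dataclass
class Alert:
    kind: str        # "dcc-send-executable" or "url-executable"
    nick: str
    host: str
    detail: str


def is_executable_name(name: str) -> bool:
    """True if the last extension of the file name is one Windows executes."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in EXECUTABLE_EXTS


def parse_dcc_send(text: str) -> Optional[DccOffer]:
    """Decode a CTCP DCC SEND payload; returns None for any other text."""
    m = DCC_SEND_RE.match(text)
    if not m:
        return None
    ip = str(ipaddress.IPv4Address(int(m["ip"])))  # decimal int -> dotted quad
    size = int(m["size"]) if m["size"] else None
    return DccOffer(m["name"], ip, int(m["port"]), size)


def scan_lines(lines: List[str]) -> List[Alert]:
    """Return an alert for each DCC SEND offer or URL pointing at an executable."""
    alerts: List[Alert] = []
    for line in lines:
        m = PRIVMSG_RE.match(line)
        if not m:
            continue
        nick, host, text = m["nick"], m["host"], m["text"]
        offer = parse_dcc_send(text)
        if offer is not None:
            if is_executable_name(offer.filename):
                alerts.append(Alert("dcc-send-executable", nick, host,
                                    f"{offer.filename} from {offer.ip}:{offer.port}"))
            continue
        for url in URL_RE.findall(text):
            # Strip query string and trailing slash, then look at the last path segment.
            path = url.split("?", 1)[0].rstrip("/")
            if is_executable_name(path.rsplit("/", 1)[-1]):
                alerts.append(Alert("url-executable", nick, host, url))
    return alerts


if __name__ == "__main__":
    for a in scan_lines(SAMPLE_LINES):
        print(f"{a.kind}: {a.nick}@{a.host} -> {a.detail}")
```

The DCC offer for notes.txt is parsed but not flagged, which is deliberate: the decision is made on the name the victim would see, not on the mere presence of a file offer, so a real deployment would add a size or hash check on the transferred data rather than trusting the extension alone.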
Top Ten Malware Detections in IRC in 2005
Detection name – Count
W32/Drefir.worm 453
IRC/Flood 319
VBS/Redlof@MM 224
IRC-Contact 224
VBS/Gedza 143
Downloader-TS 107
BackDoor-JZ 71
W32/Pate.b 42
W32/Jeefo 40
Nuke-Vai 40
Peer-to-peer networks (P2P)
► File sharing: movies, music, software
► Numerous networks (Kazaa, eDonkey, BitTorrent, Gnutella, etc.)
► Millions of users
► “Bridging” between different networks (multi-network clients let a file shared on one network be fetched from another)
Top Ten Malware Detections in Gnutella in 2005
Detection name – Count
Downloader-TS 7540
W32/Tibick!p2p 1764
W32/Generic.d!p2p 1597
W32/Sndc.worm!p2p 1438
VBS/Gedza 1029
W32/Bagle.aa@MM 784
Exploit-MS04-028 757
W32/Pate.b 649
W32/Sdbot.Worm.gen 566
W32/Bagle.n@MM 535
Questions?